I'm working on an iOS app that uses Face ID to access the app, but when they change their Face ID (add or remove), I want to detect that and get them to use their password (I've already built the password thing) before being able to use Face ID again. I know that I should be using kSecAccessControlBiometryCurrentSet (found here), and that the flag gets invalidated when the user adds or removes a face, or changes their enrolled face. However, I'm not sure how any of that kSecAccessControlBiometryCurrentSet stuff works because I haven't found too much on it.
So I guess my question is what is the recommended way to detect changes in Face ID? And can I retrieve the current state of the kSecAccessControlBiometryCurrentSet flag, and see if it's invalidated?
Oh and by the way, I've seen this on apps like LastPass, so I think it's possible.
If you have any questions whatsoever (I bet my question was pretty hard to understand), feel free to ask :D
Thanks :D
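One way to use the flag named in the question, as an added example that is not part of the original post: a marker item is written to the keychain under `.biometryCurrentSet` after a password login, and reading it back later tells the app whether to fall back to the password. The service and account strings, the `GateState` type and both function names are hypothetical, and treating `errSecItemNotFound` as "never armed, or invalidated by an enrollment change" is an assumption of this example.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical identifiers for this added example.
let gateQuery: [String: Any] = [
    kSecClass as String: kSecClassGenericPassword,
    kSecAttrService as String: "com.example.app.biometric-gate",
    kSecAttrAccount as String: "faceid-marker",
]

enum GateState { case valid, needsPassword, cancelled, failed(OSStatus) }

/// Call after a successful password login to (re)arm Face ID.
/// The marker is bound to the biometric set enrolled at this moment.
func armBiometricGate() -> Bool {
    guard let access = SecAccessControlCreateWithFlags(
        nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .biometryCurrentSet, nil) else { return false }
    SecItemDelete(gateQuery as CFDictionary)  // drop any stale marker first
    var attrs = gateQuery
    attrs[kSecAttrAccessControl as String] = access
    attrs[kSecValueData as String] = Data("armed".utf8)
    return SecItemAdd(attrs as CFDictionary, nil) == errSecSuccess
}

/// Reading the marker shows the Face ID prompt. Call off the main thread,
/// because SecItemCopyMatching blocks until the prompt is answered.
func checkBiometricGate(reason: String) -> GateState {
    let context = LAContext()
    context.localizedReason = reason
    var query = gateQuery
    query[kSecReturnData as String] = true
    query[kSecUseAuthenticationContext as String] = context
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    switch status {
    case errSecSuccess: return .valid
    // Assumption: the marker is unreadable because it was never armed or
    // because the enrolled face changed; either way, ask for the password.
    case errSecItemNotFound: return .needsPassword
    case errSecUserCanceled: return .cancelled
    default: return .failed(status)
    }
}
```

On `.needsPassword` the app runs its password flow and then calls `armBiometricGate()` again, which binds a fresh marker to the new enrollment.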
Related
So silly question here but if someone would humor me and lend any advice I would appreciate it SO much. I’ve had some issues since I’ve created my apple account, but one thing I keep noticing specifically that confuses me (my Apple ID once said it can not be changed, now it allows me the option to change my Apple ID and phone/email everything)
I wouldn’t be so concerned with this, but I’ve had reasons for safety/security concerns and then I noticed this. I see many “null” type messages in my data when I view it directly from my device as well. I’m not tech savvy at all so this is all beyond me. Forgive me please if I’m not posting this correctly. I receive error messages from apple when trying to download my data even. I’ve updated and reset my phone before but it doesn’t help. I want to just know this is user error on my end but I’m not finding information to confirm that anywhere I try to look. Thank you so much for anyone who might be able to point me in the right direction.
I’m no new user of Apple products, but I am brand new to coding and automation on iPhone. I’ve created an automation that does something at a specific time of day, but that’s as far as I’ve gotten because there are limited settings they offer without me coding anything in. I’m trying to change a specific setting in the settings app “Notifications->(App)->turn notifications off” but I’m not sure how, or even if it’s possible to do, outside of what’s already programmed in. Thanks in advance, if anyone figures it out and lends a hand. (Edit: I would automate Do Not Disturb because that seems like the simple answer, but long story short, I don’t want anyone to see banners of messages and read my texts without my phone unlocked, and Do Not Disturb doesn’t do that as far as I’m aware.)
I'm experimenting with Vuforia. It's going pretty well so far.
Previously I've had the ImageTarget demo working with my own targets, so I know I can get this to work for my own purposes. I also realise targets should have a good "star rating" so that Vuforia can successfully track them.
However, the following experiment is confusing me:
I create my own target database using the Target Manager, with one target, which shows up as ZERO star rating. I know Vuforia likes high star ratings, but bear with me. As I expected the ImageTargets app does not seem to recognize my target image. No surprises there really given the ZERO star rating.
However, if instead I run the UserDefinedTargets demo and I take a "live" image of the same target, Vuforia is perfectly able to track the target!
Can anyone explain why this might be the case and how I can fix the problem?
Ideally, I would like to use ImageTargets as this allows me to load in databases as I please.
Alternatively, I would like to be able to store a database captured within the UserDefinedTargets app which I can reuse at a later stage.
Overall, I'd like to know why using the Target Manager doesn't work, but using the UserDefinedTarget app does work, and how I might be able to fix the problem.
Rather than add this to the question, which is already quite lengthy, I thought it better to put it as an answer, although I'm open to other comments and answers!
I think the UserDefinedTarget app may recognize the images "better" because directly after the user defined target image is taken, the camera (i.e. mobile phone) is in the correct position already. This does not, however, explain the excellent "re-recognition" rate, i.e. if the camera is moved away from the target and then brought back over the target, the UserDefinedTargets app recognizes the target instantly every time.
Hmmm...
I'm trying to add a bit of security to my app. I have a server that the app connects to and I am thinking of sending a checksum of the binary when making a connection. If the checksum does not match what I want, the server won't allow any connection.
I've read a couple of articles on how you can increase the security of your app, and many mention checksumming your binary, but I haven't found any code explaining how you actually checksum your binary during runtime.
This one for example
http://www.seoxys.com/3-easy-tips-to-prevent-a-binary-crack/#ptrace
Other than that, from what I have understood, there is no way of knowing the exact checksum beforehand since Apple will sign when submitting? I could however disable the check on my server when submitting a new version, then re-enable the check when I know the checksum. Not a perfect solution but what solution is?
Anyone that can point me in the right direction?
In short, this is a very difficult thing to do. The reason why is that you don't control the client code once it leaves your hands. Even if you get everything working perfectly with the checksum, an attacker could still take a checksum of the binary, modify it, and then have it submit the previous checksum instead of the new one, by modifying that code. In fact you would probably make it easy for him/her by using a function like _getBinaryChecksum() that he can just change :-)
If you are going to do this, use a cryptographically strong hashing algorithm like SHA-256. You are right that Apple signing it will change the hash, so you will need to program the server with the hash of the file after Apple signs it. Also keep in mind that any change at all to the app will greatly affect the hash, so you need to keep a historical list of previous hashes so you don't shut out customers who haven't upgraded yet.
You may want to check out these StackOverflow questions, as it sounds like you are trying to do something similar:
Security When Using REST API in an iPhone Application
https://stackoverflow.com/questions/15390354/api-key-alternative/15390892#15390892
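The scheme discussed in the question and answer above, as an added example that is not part of either post: the client hashes its own signed executable with SHA-256, and the server keeps a historical allowlist of accepted hashes. `sha256Hex`, `ownBinaryChecksum` and `ReleaseAllowlist` are hypothetical names, and the version strings and hash values registered with the allowlist are the operator's own, recorded after Apple has signed each build.

```swift
import CryptoKit
import Foundation

/// SHA-256 of a file as lowercase hex, streamed in 64 KiB chunks so a
/// large executable is never loaded into memory in one piece.
func sha256Hex(of url: URL) throws -> String {
    let handle = try FileHandle(forReadingFrom: url)
    defer { try? handle.close() }
    var hasher = SHA256()
    while let chunk = try handle.read(upToCount: 64 * 1024), !chunk.isEmpty {
        hasher.update(data: chunk)
    }
    return hasher.finalize().map { String(format: "%02x", $0) }.joined()
}

/// Client side: hash the executable of the running app bundle, i.e. the
/// file as installed, after signing.
func ownBinaryChecksum() throws -> String? {
    guard let executable = Bundle.main.executableURL else { return nil }
    return try sha256Hex(of: executable)
}

/// Server side: every released version keeps its accepted hashes, so
/// customers who have not upgraded yet are not shut out. A set per
/// version allows more than one signed build of the same release.
struct ReleaseAllowlist {
    private(set) var hashesByVersion: [String: Set<String>] = [:]

    mutating func register(version: String, hash: String) {
        hashesByVersion[version, default: []].insert(hash.lowercased())
    }

    /// The hash is client-reported, so a modified client can replay an
    /// old value: a match raises the bar but proves nothing by itself.
    func accepts(version: String, hash: String) -> Bool {
        hashesByVersion[version]?.contains(hash.lowercased()) ?? false
    }
}
```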
Is it possible to make app not launchable if it has been cracked and installed from installous? I don't want to see my app in installous
It's not that easy, and it's not answerable within a few words or code snippets.
But you might check this:
http://www.shmoopi.net/ios-anti-piracy/iphone-piracy-protection-code-tutorial-2/
http://www.cocos2d-iphone.org/forum/topic/7667
http://thwart-ipa-cracks.blogspot.com/2008/11/detection.html
Then read also here:
http://www.learn-cocos2d.com/2010/05/ignore-everything-youve-heard-about-app-store-piracy/
There are ways to detect whether your app is running on a jailbroken device or whether your app has been modified (aka cracked). Take a look here and here for example.
From my point of view all you are getting by using these methods is a waste of time. Maybe you can make it harder for potential crackers and keep away the script kiddies. But you won't get that far that no talented cracker on earth would be unable to crack your app. Even one single cracker on earth who's able and motivated to crack your app is enough to upload it to hundreds of sites.
If really big companies fail at protecting their apps I really doubt that you will achieve it... so: wasted time which would be better spent on improving your app.
Probably not, because part of cracking your application is to remove all restrictions (registration, detection of jailbreak, ...).